Secure SHell (ssh) is a wonderful piece of technology, allowing us to connect [securely] to remote hosts across local and wide area networks.
When we connect to a host for the first time, the remote host presents its public host key, but nothing in the connection itself proves that the key belongs to the host we meant to reach: the client simply asks whether we trust it, and an attacker sat in the path could present a key of their own, giving a Man-In-The-Middle (MITM) attack. Fear not penguin chums, there are ways of verifying the authenticity of the remote host before passing over credentials, for instance by comparing the key fingerprint the client shows us with one obtained out-of-band from whoever runs the host.
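The out-of-band check described above, as an added example that is not part of the original post: it parses an OpenSSH public-key line (the format `ssh-keyscan`, `/etc/ssh/ssh_host_*.pub` and `known_hosts` use), computes the fingerprint the same way `ssh-keygen -lf` does, and compares it with a trusted value. The key line is constructed from a fixed dummy Ed25519 key, and the host names are made up.

```python
import base64
import hashlib
from typing import Tuple


def build_ed25519_line(raw_key: bytes, comment: str) -> str:
    """Construct an OpenSSH 'ssh-ed25519 <base64 blob> <comment>' line for a 32-byte key.

    The blob is a sequence of SSH 'string' fields: 4-byte big-endian length, then bytes.
    Used here only to fabricate sample input; real lines come from the host.
    """
    blob = (
        len(b"ssh-ed25519").to_bytes(4, "big") + b"ssh-ed25519"
        + len(raw_key).to_bytes(4, "big") + raw_key
    )
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed samples: a dummy key for the genuine host and a different dummy key an
# attacker in the path might present.  Neither is a real host's key.
SAMPLE_KEY_LINE = build_ed25519_line(bytes(range(1, 33)), "root@example-host")
ATTACKER_KEY_LINE = build_ed25519_line(bytes(range(33, 65)), "root@example-host")


def parse_public_key(line: str) -> Tuple[str, bytes]:
    """Return (key_type, raw_blob), checking the type inside the blob matches the text."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type in blob does not match key type in text")
    return key_type, blob


def sha256_fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint exactly as 'ssh-keygen -lf' prints it: base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def md5_fingerprint(blob: bytes) -> str:
    """Legacy MD5 fingerprint ('ssh-keygen -l -E md5'): colon-separated hex bytes."""
    digest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def host_key_matches(presented_line: str, trusted_fingerprint: str) -> bool:
    """Compare the fingerprint of a presented key with one obtained out-of-band.

    The trusted value should come from the server itself (e.g. the admin running
    'ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub'), not over the path being verified.
    """
    _, blob = parse_public_key(presented_line)
    if trusted_fingerprint.startswith("MD5:"):
        return md5_fingerprint(blob).lower() == trusted_fingerprint.lower()
    return sha256_fingerprint(blob) == trusted_fingerprint


if __name__ == "__main__":
    key_type, blob = parse_public_key(SAMPLE_KEY_LINE)
    trusted = sha256_fingerprint(blob)          # value we would have been told out-of-band
    print(key_type, trusted)
    print("genuine host matches:", host_key_matches(SAMPLE_KEY_LINE, trusted))
    print("substituted key matches:", host_key_matches(ATTACKER_KEY_LINE, trusted))
```

Only say "yes" at the trust-on-first-use prompt once the fingerprint the client prints equals the one you obtained some other way; a substituted key produces a different fingerprint, so the check fails and the session should be abandoned before any password or agent-forwarded key is offered.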
When researching cryptography, I’ve always found it useful to map out an algorithm’s functions, apply my own inputs to produce ciphertext, and then reverse the process to recover the plaintext from that ciphertext.
In modern cryptography, the algorithms rest on a handful of standard mathematical principles; the big challenge when working through them by hand is the use of very, very large numbers. It’s worth noting that the algorithms work identically whether we use small numbers or big numbers; the security they provide rests almost entirely on the size of the input numbers, or keys, because with small numbers the private values can simply be recovered by brute force.
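As an added worked example (not from the original post), textbook RSA run with the small primes 61 and 53: the key generation, encryption and decryption steps are exactly those used for real key sizes, and the final function shows why size carries the security, by factoring the tiny modulus and rebuilding the private exponent with the same arithmetic.

```python
from math import gcd
from typing import Tuple


def is_prime(n: int) -> bool:
    """Trial-division primality test; adequate for the textbook-sized numbers used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keypair(p: int, q: int, e: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Textbook RSA key generation from two primes and a chosen public exponent.

    Returns ((n, e), (n, d)).  The steps are the same whether p and q are two digits
    or a thousand bits; only the cost of the arithmetic changes.
    """
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse: e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key: Tuple[int, int], m: int) -> int:
    """c = m^e mod n; the message must be an integer smaller than the modulus."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key: Tuple[int, int], c: int) -> int:
    """m = c^d mod n, reversing the encryption step."""
    n, d = private_key
    return pow(c, d, n)


def recover_private_key(public_key: Tuple[int, int]) -> Tuple[int, int]:
    """The attacker's view: with a small n, factor it by trial division and rebuild d.

    This loop finds p for n = 3233 instantly and is hopeless for a 2048-bit n, which
    is the whole difference between a toy and a usable key.
    """
    n, e = public_key
    p = 2
    while n % p != 0:
        p += 1
    q = n // p
    phi = (p - 1) * (q - 1)
    return n, pow(e, -1, phi)


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)   # n = 3233, the classic worked example
    c = encrypt(public, 65)
    print("public", public, "private", private)
    print("ciphertext", c, "decrypts to", decrypt(private, c))
    print("private key recovered from public key alone:", recover_private_key(public))
```

Swap in two 1024-bit primes and `generate_keypair`, `encrypt` and `decrypt` still run in a fraction of a second, while `recover_private_key` never finishes; nothing about the algorithm changed, only the size of the numbers.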
IQN Spoofing for unauthorised access to iSCSI storage volumes
In the world of iSCSI, we connect to storage volumes over Ethernet networks using SCSI commands encapsulated in TCP/IP. Conceptually this is fantastic and simplifies life dramatically.
In order to control which initiators may see these storage volumes, we need to implement some form of LUN/volume masking. Typically this is done using IQNs (iSCSI Qualified Names) as the identifier of each initiator. However, this introduces a rather large security flaw: an IQN is a free-form string that the initiator itself chooses and sends at login, so it is not a unique identifier (in the way WWNs, MAC or IP addresses are intended to be), and any host on the storage network can simply present another initiator’s IQN and be granted its LUNs.
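The flaw above, and the usual fix, as an added example that is not the post’s own code: a simulated target that masks LUNs by claimed IQN alone hands the legitimate initiator’s LUNs to anyone who presents that IQN, whereas a target that also requires a CHAP response (computed as iSCSI does it, RFC 1994 MD5: `MD5(id || secret || challenge)`) rejects the spoofer because the per-initiator secret never travelled with the IQN. The IQNs, ACL and secret are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple

# Constructed sample: the target exposes LUNs 0 and 1 to one initiator, keyed by the
# IQN that initiator claims at login.  Names and secret are invented for the example.
LEGIT_IQN = "iqn.1993-08.org.debian:01:dbserver01"
ATTACKER_HOST_IQN = "iqn.1993-08.org.debian:01:attacker"
ACL: Dict[str, Set[int]] = {LEGIT_IQN: {0, 1}}
CHAP_SECRETS: Dict[str, bytes] = {LEGIT_IQN: b"per-initiator-secret-12+chars"}


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response as iSCSI uses it (RFC 1994, MD5): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class IqnOnlyTarget:
    """LUN masking by self-reported IQN alone: the weak configuration described above."""

    def __init__(self, acl: Dict[str, Set[int]]):
        self.acl = acl

    def login(self, claimed_iqn: str) -> Set[int]:
        # The IQN is just a string in the login request; nothing binds it to the host.
        return set(self.acl.get(claimed_iqn, set()))


class ChapTarget(IqnOnlyTarget):
    """Same masking, but login also requires a valid CHAP response for the claimed IQN."""

    def __init__(self, acl: Dict[str, Set[int]], secrets: Dict[str, bytes]):
        super().__init__(acl)
        self.secrets = secrets
        self._pending: Dict[str, Tuple[int, bytes]] = {}

    def challenge(self, claimed_iqn: str) -> Tuple[int, bytes]:
        """Issue a fresh identifier and random challenge for this login attempt."""
        ident, chal = os.urandom(1)[0], os.urandom(16)
        self._pending[claimed_iqn] = (ident, chal)
        return ident, chal

    def login(self, claimed_iqn: str, response: Optional[bytes] = None) -> Set[int]:
        pending = self._pending.pop(claimed_iqn, None)   # each challenge is single-use
        secret = self.secrets.get(claimed_iqn)
        if pending is None or secret is None or response is None:
            return set()
        expected = chap_response(pending[0], secret, pending[1])
        if not hmac.compare_digest(expected, response):
            return set()
        return super().login(claimed_iqn)


def run_scenarios() -> Dict[str, Set[int]]:
    """Legitimate host versus an attacker who reconfigures its initiator to claim LEGIT_IQN."""
    results: Dict[str, Set[int]] = {}
    weak = IqnOnlyTarget(ACL)
    results["legit_iqn_only"] = weak.login(LEGIT_IQN)
    results["attacker_own_iqn"] = weak.login(ATTACKER_HOST_IQN)
    results["spoof_iqn_only"] = weak.login(LEGIT_IQN)         # attacker claims the victim's IQN

    strong = ChapTarget(ACL, CHAP_SECRETS)
    ident, chal = strong.challenge(LEGIT_IQN)
    results["legit_chap"] = strong.login(
        LEGIT_IQN, chap_response(ident, CHAP_SECRETS[LEGIT_IQN], chal))
    ident, chal = strong.challenge(LEGIT_IQN)
    results["spoof_chap"] = strong.login(
        LEGIT_IQN, chap_response(ident, b"guessed-secret", chal))  # attacker lacks the secret
    return results


if __name__ == "__main__":
    for name, luns in run_scenarios().items():
        print(f"{name:18s} -> LUNs {sorted(luns) or 'none'}")
```

One-way CHAP only authenticates the initiator; a rogue target can still answer a legitimate initiator, so mutual CHAP (the initiator also challenging the target) and an isolated storage network are the usual companions. CHAP’s MD5 construction also leaves a short secret open to offline guessing by anyone who captures a challenge/response pair, so use long random per-initiator secrets rather than anything derived from the IQN.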